
How To Configure the Digi TransPort Firewall to Allow Alternate SSH and Other Management Ports for External Access



With the standard firewall rule in place that passes inbound SSH on TCP port 22, you may see external connection attempts recorded in the Event Log similar to the following (the remote address is masked here):

    15:58:28, 15 May 2014,GP socket connected: 192.168.1.1:22 -> ###.###.###.###:5286

Fortunately, Digi TransPort routers also listen for each standard management service on the standard port number plus 8000.  For example: 8022 (SSH), 8080 (HTTP), 8443 (HTTPS), etc.

To accept SSH from outside only on port 8022, replace the firewall rule that passes inbound TCP port 22 with the following rule. The router itself continues to listen on port 22; what changes is that the firewall no longer passes external connections to it. If the original port 22 pass rule is left in place, port 22 remains reachable from outside:

    pass in break end proto tcp from any to any port=8022 flags S!A inspect-state

The firewall hit counter shows which rules are being matched. A packet that matches no pass rule falls through to the last rule in the default firewall rule set, which blocks it and writes an entry to fwlog.txt:

    block log break end

Once the port 22 rule has been replaced with the port 8022 rule above, the firewall blocks a connection attempt to port 22 before it reaches the SSH server, so it never appears in the Event Log. Instead it shows up under Management - Network Status > Firewall Trace (fwlog.txt). The following shows an example of a blocked SSH connection attempt (the remote address is masked here):


    -----   15-5-2014 13:10:24   ------
    FW LOG   Dir: IN   Line:21   Hits: 599   IFACE: PPP 1
    Source IP: ###.###.###.###   Dest IP: 192.168.1.1  ID: 27424   TTL: 232   PROTO: TCP (6)
    Src Port: 5286   Dst Port: 22
    block log break end
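As an added example (this is not code from the Digi article or a Digi tool), the following Python script parses Firewall Trace records in the layout shown above and summarises them the way you would when reviewing fwlog.txt after the change: blocked inbound packets per destination port, the source addresses hitting a given port, and the latest hit counter reported per rule line. The sample records are constructed; documentation-range addresses (203.0.113.10, 198.51.100.7) stand in for the masked source, and the second and third records are invented. The field names used here, and the assumption that the one unrecognised line in a record is the text of the rule that matched, are this example's choices rather than a documented Digi format.

```python
import re
from collections import Counter

# Constructed sample in the layout of the TransPort Firewall Trace (fwlog.txt).
# Source addresses are RFC 5737 documentation addresses; the second and third
# records are made up for the example and come from no real device.
SAMPLE_FWLOG = """\
-----   15-5-2014 13:10:24   ------
FW LOG   Dir: IN   Line:21   Hits: 599   IFACE: PPP 1
Source IP: 203.0.113.10   Dest IP: 192.168.1.1  ID: 27424   TTL: 232   PROTO: TCP (6)
Src Port: 5286   Dst Port: 22
block log break end

-----   15-5-2014 13:11:02   ------
FW LOG   Dir: IN   Line:21   Hits: 600   IFACE: PPP 1
Source IP: 203.0.113.10   Dest IP: 192.168.1.1  ID: 27431   TTL: 232   PROTO: TCP (6)
Src Port: 5290   Dst Port: 22
block log break end

-----   15-5-2014 13:12:45   ------
FW LOG   Dir: IN   Line:21   Hits: 601   IFACE: PPP 1
Source IP: 198.51.100.7   Dest IP: 192.168.1.1  ID: 1044   TTL: 51   PROTO: TCP (6)
Src Port: 41022   Dst Port: 23
block log break end
"""

# One pattern per line type. Whitespace is matched loosely because the trace
# pads its columns with a variable number of spaces.
HEADER_RE = re.compile(r"^-----\s+(?P<date>\S+)\s+(?P<time>\S+)\s+-+$")
FWLOG_RE = re.compile(
    r"^FW LOG\s+Dir:\s*(?P<dir>\w+)\s+Line:\s*(?P<line>\d+)\s+Hits:\s*(?P<hits>\d+)"
    r"\s+IFACE:\s*(?P<iface>.+?)$"
)
ADDR_RE = re.compile(
    r"^Source IP:\s*(?P<src>\S+)\s+Dest IP:\s*(?P<dst>\S+)\s+ID:\s*\d+"
    r"\s+TTL:\s*(?P<ttl>\d+)\s+PROTO:\s*(?P<proto>\w+)"
)
PORT_RE = re.compile(r"^Src Port:\s*(?P<sport>\d+)\s+Dst Port:\s*(?P<dport>\d+)$")


def parse_fwlog(text):
    """Split fwlog.txt into one dict per record.

    A record starts at a '-----  date time  ------' header. A line inside the
    record that matches none of the known field patterns is taken to be the
    text of the rule that matched (e.g. 'block log break end'). Records with a
    missing field are kept (an ICMP entry has no port line), so callers use
    .get() for optional fields.
    """
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            if current is not None:
                entries.append(current)
            current = {"timestamp": f"{m['date']} {m['time']}"}
            continue
        if current is None:
            continue  # text before the first header is not part of a record
        if (m := FWLOG_RE.match(line)):
            current.update(direction=m["dir"], rule_line=int(m["line"]),
                           hits=int(m["hits"]), iface=m["iface"])
        elif (m := ADDR_RE.match(line)):
            current.update(src_ip=m["src"], dst_ip=m["dst"],
                           ttl=int(m["ttl"]), proto=m["proto"])
        elif (m := PORT_RE.match(line)):
            current.update(src_port=int(m["sport"]), dst_port=int(m["dport"]))
        else:
            current["rule"] = line
    if current is not None:
        entries.append(current)
    return entries


def blocked_inbound_by_port(entries):
    """Count inbound packets dropped by a 'block' rule, keyed by destination port."""
    return Counter(
        e["dst_port"] for e in entries
        if e.get("direction") == "IN" and e.get("rule", "").startswith("block")
        and "dst_port" in e
    )


def top_sources(entries, dst_port):
    """Source addresses that hit a given destination port, busiest first."""
    return Counter(e["src_ip"] for e in entries
                   if e.get("dst_port") == dst_port and "src_ip" in e).most_common()


def rule_hit_counts(entries):
    """Latest cumulative hit counter per rule line, as reported in the trace."""
    latest = {}
    for e in entries:
        if "rule_line" in e:
            latest[e["rule_line"]] = max(latest.get(e["rule_line"], 0), e["hits"])
    return latest


if __name__ == "__main__":
    parsed = parse_fwlog(SAMPLE_FWLOG)
    print("blocked inbound by destination port:", dict(blocked_inbound_by_port(parsed)))
    print("sources probing port 22:", top_sources(parsed, 22))
    print("rule hit counters:", rule_hit_counts(parsed))
```

Run it against a copy of fwlog.txt pulled from the router to confirm that, after the rule change, port 22 shows up only under the block rule and that the sources hammering it are the same ones previously seen as "GP socket connected" events in the Event Log.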
